<?php
require_once 'common.inc';
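session_start ();

// Delete endpoint: removes rows from the table named in $_POST['tname'].
// With $_POST['json'] (a JSON list of {column: value} objects) only the matching
// rows are removed; without it every row the caller is allowed to touch is removed.
// Replies with an ExtJS-style literal: {success:true} or {success:false,msg:"..."}.
//
// NOTE(review): this destructive request is authorised by the session cookie
// alone; no anti-CSRF token check is visible in this file. Confirm one is
// enforced elsewhere before exposing this endpoint.
if (! isset ( $_SESSION ['id'] ) || ! isset ( $_POST ['tname'] ))
	exit ();

// SQL identifiers cannot be quoted like values, so the table name and every
// column name taken from the request must be a plain identifier before it is
// concatenated into the statement. \A and \z are used instead of ^ and $ so a
// trailing newline is rejected too.
$identRe = '/\A[A-Za-z_][A-Za-z0-9_]*\z/';
$tname = $_POST ['tname'];
if (! is_string ( $tname ) || ! preg_match ( $identRe, $tname )) {
	echo ("{success:false,msg:\"请求参数无效！\"}");
	exit ();
}

// Check permissions and build the base statement.
$sql = "";
// Tracks whether the base statement already carries a WHERE clause, rather
// than searching the SQL text for the word "WHERE".
$hasWhere = false;
if (! isset ( $_SESSION ['aboutme'] ) || $_SESSION ['aboutme'] != '总部用户') {
	// Callers outside the head-office role may only delete from the tables
	// listed here, and only rows whose tmncode belongs to their management record.
	switch ($tname) {
		case 'customer' :
		case 'logic' :
			$sql = "DELETE FROM " . $tname . " WHERE tmncode in (SELECT tmncode FROM management WHERE id='" . addslashes ( ( string ) $_SESSION ['id'] ) . "')";
			$hasWhere = true;
			break;
		default :
			// Deny by default: any table that is not explicitly allowed is
			// refused, instead of continuing with an empty statement.
			echo ("{success:false,msg:\"删除未授权的数据！\"}");
			exit ();
	}
} else {
	// Head-office callers may target any table; with no 'json' filter below
	// this statement removes every row of that table.
	$sql = "DELETE FROM " . $tname;
}

// Delete the selected rows only.
if (isset ( $_POST ['json'] ) && $_POST ['json'] != "") {
	$rows = is_string ( $_POST ['json'] ) ? json_decode ( $_POST ['json'], true ) : null;
	// The filter must be a non-empty JSON list. A filter that fails to parse is
	// rejected outright so it can never degrade into an unfiltered DELETE.
	$valid = is_array ( $rows ) && count ( $rows ) > 0 && array_keys ( $rows ) === range ( 0, count ( $rows ) - 1 );
	$groups = array ();
	if ($valid) {
		foreach ( $rows as $row ) {
			// Each entry must carry at least one column condition.
			if (! is_array ( $row ) || count ( $row ) == 0) {
				$valid = false;
				break;
			}
			$conds = array ();
			foreach ( $row as $key => $val ) {
				// Column names come from the client, so they get the same
				// identifier check as the table name; nested values are refused.
				if (! preg_match ( $identRe, ( string ) $key ) || is_array ( $val )) {
					$valid = false;
					break 2;
				}
				// NOTE(review): addslashes() is not charset-aware. execSQL() only
				// accepts a finished SQL string here, so values cannot be bound;
				// moving execSQL() to prepared statements would be the proper fix.
				$conds [] = $key . "='" . addslashes ( ( string ) $val ) . "'";
			}
			$groups [] = "(" . implode ( " AND ", $conds ) . ")";
		}
	}
	if (! $valid) {
		echo ("{success:false,msg:\"请求参数无效！\"}");
		exit ();
	}
	$filter = implode ( " OR ", $groups );
	if ($hasWhere)
		$sql .= " AND (" . $filter . ")";
	else
		$sql .= " WHERE " . $filter;
}
$result = execSQL ( $sql );
if ($result) {
	echo ("{success:true}");
} else {
	// The driver message can echo back parts of the statement, so it is encoded
	// as a string literal (with < > & hex-escaped) instead of being pasted
	// between quotes.
	// NOTE(review): returning mysql_error() to the client discloses schema
	// details; consider logging it server-side and sending a generic message.
	$errText = json_encode ( mysql_error (), JSON_HEX_TAG | JSON_HEX_AMP );
	if ($errText === false || $errText === 'null')
		$errText = '""';
	echo ("{success:false,msg:" . $errText . "}");
}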
?>